diff options
author | Jeff Darcy <jdarcy@redhat.com> | 2014-04-17 23:21:05 +0000 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2014-07-02 02:47:05 -0700 |
commit | caa8a4ea50734378e7e19f70b39a837c58e9d229 (patch) | |
tree | a06a99e143a1dd8c99cc10e84e9d3bca72a63cf7 /xlators/protocol/server/src | |
parent | 831efecf927788f26b630cb82d5d6ff4af411a3d (diff) |
rpc/auth: allow SSL identity to be used for authorization
Access to a volume is now controlled by the following options, based on
whether SSL is enabled or not.
* server.ssl-allow: get identity from certificate, no password needed
* auth.allow: get identity and matching password from command line
It is not possible to allow both simultaneously, since the connection
itself is either using SSL or it isn't.
Change-Id: I5a5be66520f56778563d62f4b3ab35c66cc41ac0
BUG: 1114604
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/3695
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/protocol/server/src')
-rw-r--r-- | xlators/protocol/server/src/server-handshake.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/xlators/protocol/server/src/server-handshake.c b/xlators/protocol/server/src/server-handshake.c index 6b1a39936f4..98418e77893 100644 --- a/xlators/protocol/server/src/server-handshake.c +++ b/xlators/protocol/server/src/server-handshake.c @@ -450,6 +450,13 @@ server_setvolume (rpcsvc_request_t *req) req->trans->xl_private = client; auth_set_username_passwd (params, config_params, client); + if (req->trans->ssl_name) { + if (dict_set_str(params,"ssl-name",req->trans->ssl_name) != 0) { + gf_log (this->name, GF_LOG_WARNING, + "failed to set ssl_name %s", req->trans->ssl_name); + /* Not fatal, auth will just fail. */ + } + } ret = dict_get_int32 (params, "fops-version", &fop_version); if (ret < 0) { |